WHAT IS CLAIMED IS:

1. A method in a data processing system for validating digital certificates,
comprising: 

receiving an online certificate status protocol request associated with a digital 
certificate; 

creating a Lightweight Directory Access Protocol database query based on 
the received request; 

sending the Lightweight Directory Access Protocol database query to 
determine whether the digital certificate is valid; and 

receiving a database query result indicating whether the digital certificate is
valid.

2. The method of claim 1, further including sending an indication of
whether the digital certificate is valid based upon the received database query result. 

3. The method of claim 1, wherein the data processing system has a
certificate authority and an associated database, and wherein the method further 
comprises: 

sending an indication of a new digital certificate from the certificate authority 
to the database upon issuance of the new digital certificate; 

receiving, by the database, from the certificate authority, an indication of the 
new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

4. The method of claim 1, wherein the data processing system has a
certificate authority and an associated database, and wherein the method further 
comprises: 

sending an indication of a revoked digital certificate from the certificate 
authority to the database upon revocation of the revoked digital certificate; 

receiving, by the database, from the certificate authority, the indication of 
revocation of the revoked digital certificate; and 

removing a database record of an identity of the revoked digital certificate. 

5. A method in a data processing system for validating digital certificates, 
the data processing system having a certificate authority and an associated 
database, the method comprising: 

receiving, by a database, a Lightweight Directory Access Protocol query 
based on an online certificate status protocol request indicating a requested digital 
certificate; 

searching the database for a database record reflecting an identity of the 
requested digital certificate; and 

returning an indication of the database record when the database record 
reflecting the requested digital certificate is found to indicate validity of the requested 
digital certificate, whereby the indication of the database record is returned without 
transmission of a certificate revocation list by the certificate authority. 

6. The method of claim 5, further comprising the step of:

sending an indication of a new digital certificate from the certificate authority
to the database upon issuance of the new digital certificate;

receiving, by the database from the certificate authority, an indication of the 
new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

7. A method in a data processing system for validating digital certificates 
without certification revocation lists, comprising: 

receiving an online certificate status protocol request associated with a digital
certificate;

creating a database query based on the received request;

sending the database query to determine whether the digital certificate is
valid; and

receiving a database query result indicating whether the digital certificate is
valid.

8. The method of claim 7, wherein the database query is a Lightweight
Directory Access Protocol database query.

9. A method in a data processing system for validating digital certificates
without certification revocation lists, the data processing system having a certificate 
authority and an associated database, the method comprising: 

receiving, by the database, a query based on an online certificate status 
protocol request indicating a requested digital certificate; 

searching the database for a database record reflecting an identity of the 
requested digital certificate; and 

returning an indication of the database record when the database record 
reflecting the requested digital certificate is found to indicate validity of the requested 
digital certificate. 

10. The method of claim 9, further comprising the step of:

sending an indication of the new digital certificate from the certificate authority 
to the database upon issuance of the new digital certificate; 

receiving, by the database from the certificate authority, an indication of a 
new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

11. The method of claim 9, wherein the received query is a Lightweight
Directory Access Protocol query. 

12. A method in a data processing system for validating digital certificates
without certification revocation lists, the data processing system having a client, a 
server, an OCSP responder, a database, and a certificate authority, the method 
comprising: 

sending a request from the client for a transaction, the request including a 
digital certificate identifying the client; 

receiving the client request by the server; 

creating, by the server, an online certificate status protocol request based on 
the associated digital certificate identifying the client; 

sending the online certificate status protocol request by the server; 

receiving, by the OCSP responder, the online certificate status protocol 
request associated with the digital certificate; 

creating a Lightweight Directory Access Protocol database query based on 
the received online certificate status protocol request; 

sending the Lightweight Directory Access Protocol database query to the 
database to determine whether the digital certificate is valid, the database storing 
records of valid certificates of the certificate authority; 

searching the database for a database record identifying the digital certificate 
associated with the online certificate status protocol request; 

returning a LDAP database query result indicating whether the digital 
certificate is valid; and 

receiving the returned LDAP database query result. 

13. A data processing system for answering online certificate status
requests without certificate revocation lists, comprising: 
a memory having program instructions; 

a processor configured to execute the program instructions to receive an 
online certificate status protocol request associated with a digital certificate, create a 
database query based on the received request, send the Lightweight Directory 
Access Protocol database query to determine whether the digital certificate is valid, 
and receive a Lightweight Directory Access Protocol database query result indicating 
whether the digital certificate is valid. 

14. A data processing system for answering online certificate status
requests without certificate revocation lists, comprising:
a first computer having: 

a memory having program instructions; 

a processor configured to execute the program instructions to receive 
an online certificate status protocol request associated with a digital certificate, 
create a database query based on the received request, send the database query to 
determine whether the digital certificate is valid, and receive a database query result 
indicating whether the digital certificate is valid; and 

a second computer representing a directory server having: 

a database storing database records indicating digital certificates; 

a memory having program instructions; 

a processor configured to execute the program instructions to receive, 
from a certificate authority, an indication of a new digital certificate upon issuance of 
the new digital certificate, store a database record reflecting an identity of the new 
digital certificate, receive the database query based on the online certificate status 
protocol request from the first computer, search the database for a database record 
reflecting an identity of the requested digital certificate; and return an indication of 
the database record to the first computer when the database record reflecting the 
requested digital certificate is found to indicate validity of the requested digital 
certificate. 

15. The data processing system of claim 14, wherein the database query
is an LDAP query. 

16. A data processing system for answering online certificate status 
requests without certificate revocation lists, comprising: 

a client computer configured to send a request for a transaction, the request 
including a digital certificate identifying the client; 

a server computer configured to receive the client request, create an online 
certificate status protocol request based on the associated digital certificate 
identifying the client, and send the online certificate status protocol request; 

an OCSP responder configured to receive the online certificate status 
protocol request associated with the digital certificate, create a Lightweight Directory 
Access Protocol database query based on the received online certificate status 
protocol request, and send the Lightweight Directory Access Protocol database 
query to a database to determine whether the digital certificate is valid, the database 
storing records of valid certificates of the certificate authority; and 

a database configured to search for a database record identifying the digital 
certificate associated with the online certificate status protocol request, return an 
LDAP database query result indicating whether the digital certificate is valid. 

17. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates 
comprising the steps of: 

receiving an online certificate status protocol request associated with a digital 
certificate; 

creating a Lightweight Directory Access Protocol database query based on 
the received request; 

sending the Lightweight Directory Access Protocol database query to 
determine whether the digital certificate is valid; and 

receiving a database query result indicating whether the digital certificate is
valid.

18. The computer-readable medium of claim 17, wherein the method
further comprises sending an indication of whether the digital certificate is valid
based upon the received database query result.

19. The computer-readable medium of claim 17, wherein the data
processing system has a certificate authority and an associated database, and 
wherein the method further comprises: 

sending an indication of a new digital certificate from the certificate authority 
to the database upon issuance of the new digital certificate; 

receiving, by the database, from the certificate authority, an indication of the 
new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

20. The computer-readable medium of claim 17, wherein the data
processing system has a certificate authority and an associated database, and
wherein the method further comprises:

sending an indication of a revoked digital certificate from the certificate
authority to the database upon revocation of the revoked digital certificate;

receiving, by the database, from the certificate authority, the indication of
revocation of the revoked digital certificate; and

removing a database record of an identity of the revoked digital certificate.

21. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates, the
data processing system having a certificate authority and an associated database, 
the method comprising the steps of: 

receiving, by a database, a Lightweight Directory Access Protocol query 
based on an online certificate status protocol request indicating a requested digital 
certificate; 

searching the database for a database record reflecting an identity of the 
requested digital certificate; and 

returning an indication of the database record when the database record 
reflecting the requested digital certificate is found to indicate validity of the requested 
digital certificate, whereby the indication of the database record is returned without 
transmission of a certificate revocation list by the certificate authority. 

22. The computer-readable medium of claim 21, wherein the method
further comprises the steps of: 

sending an indication of a new digital certificate from the certificate authority 
to the database upon issuance of the new digital certificate; 

receiving, by the database from the certificate authority, an indication of the 
new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

23. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates without 
certification revocation lists comprising the steps of: 

receiving an online certificate status protocol request associated with a digital 
certificate; 

creating a database query based on the received request; 
sending the database query to determine whether the digital certificate is 
valid; and 

receiving a database query result indicating whether the digital certificate is
valid.

24. The computer-readable medium of claim 23, wherein the database 
query is a Lightweight Directory Access Protocol database query. 

25. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates without 
certification revocation lists, the data processing system having a certificate authority 
and an associated database, the method comprising the steps of: 

receiving, by the database, a query based on an online certificate status 
protocol request indicating a requested digital certificate; 

searching the database for a database record reflecting an identity of the 
requested digital certificate; and 

returning an indication of the database record when the database record 
reflecting the requested digital certificate is found to indicate validity of the requested 
digital certificate. 

26. The computer-readable medium of claim 25, wherein the method 
further comprises the steps of: 

sending an indication of the new digital certificate from the certificate authority 
to the database upon issuance of the new digital certificate; 

receiving, by the database from the certificate authority, an indication of a 
new digital certificate upon issuance of the new digital certificate; and 

storing a database record reflecting an identity of the new digital certificate. 

27. The computer-readable medium of claim 25, wherein the received 
query is a Lightweight Directory Access Protocol query.

28. A computer-readable medium containing instructions for controlling a
data processing system to perform a method for validating digital certificates without
certification revocation lists, the data processing system having a client, a server, an 
OCSP responder, a database, and a certificate authority, the method comprising the 
steps of: 

sending a request from the client for a transaction, the request including a 
digital certificate identifying the client; 

receiving the client request by the server; 

creating, by the server, an online certificate status protocol request based on 
the associated digital certificate identifying the client; 

sending the online certificate status protocol request by the server; 

receiving, by the OCSP responder, the online certificate status protocol 
request associated with the digital certificate; 

creating a Lightweight Directory Access Protocol database query based on 
the received online certificate status protocol request; 

sending the Lightweight Directory Access Protocol database query to the 
database to determine whether the digital certificate is valid, the database storing 
records of valid certificates of the certificate authority; 

searching the database for a database record identifying the digital certificate 
associated with the online certificate status protocol request; 

returning a LDAP database query result indicating whether the digital 
certificate is valid; and 

receiving the returned LDAP database query result. 

29. A data processing system for validating digital certificates, comprising:

means for receiving an online certificate status protocol request associated 
with a digital certificate; 

means for creating a Lightweight Directory Access Protocol database query 
based on the received request; 

means for sending the Lightweight Directory Access Protocol database query 
to determine whether the digital certificate is valid; and 

means for receiving a database query result indicating whether the digital 
certificate is valid. 
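
The flow recited in claims 1 to 4, as an added Python sketch that is not part of the patent text: an OCSP certificate identifier is turned into an LDAP filter, the directory of valid certificates is searched, and a record is stored on issuance and removed on revocation. The attribute names `validCertificate`, `issuerKeyHash` and `certSerial`, the class and function names, and the in-memory directory standing in for an LDAP server are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CertID:
    """Subset of the OCSP CertID (RFC 6960) that identifies one certificate."""
    issuer_key_hash: bytes
    serial: int


def build_ldap_filter(cid: CertID) -> str:
    # The OCSP request is untrusted input. Emitting only hex digits and a
    # decimal integer keeps LDAP filter metacharacters ("*", "(", ")", "\")
    # out of the query. Attribute names here are hypothetical.
    if isinstance(cid.serial, bool) or not isinstance(cid.serial, int) or cid.serial < 0:
        raise ValueError("serial must be a non-negative integer")
    return "(&(objectClass=validCertificate)(issuerKeyHash=%s)(certSerial=%d))" % (
        bytes(cid.issuer_key_hash).hex(), cid.serial)


class ValidCertDirectory:
    """In-memory stand-in for the directory server holding valid certificates."""

    def __init__(self):
        self._records = {}

    def on_issued(self, cid: CertID, subject: str) -> None:
        # Claim 3: store a record when the certificate authority issues.
        self._records[build_ldap_filter(cid)] = {"subject": subject}

    def on_revoked(self, cid: CertID) -> None:
        # Claim 4: remove the record when the certificate authority revokes.
        self._records.pop(build_ldap_filter(cid), None)

    def search(self, ldap_filter: str) -> list:
        # Exact-match search only, which is all the responder needs.
        record = self._records.get(ldap_filter)
        return [record] if record is not None else []


def is_valid(directory: ValidCertDirectory, cid: CertID) -> bool:
    # Claim 1: a found record indicates validity. Because revocation deletes
    # the record, "not found" covers both revoked and never-issued
    # certificates; the directory alone cannot tell them apart.
    return len(directory.search(build_ldap_filter(cid))) == 1
```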